stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
f98cea3bcfb4730b238ab8605ce6d48c2998aa44
git.stella-ops.org/docs/modules/scanner/operations/entrypoint-lang-go.md
master 8da4e12a90 Align AOC tasks for Excititor and Concelier
2025-10-31 18:50:15 +02:00

1.3 KiB
Raw Blame History

Entry-Point Runtime — Go

Signals to gather

  • Statically linked ELF with .note.go.buildid.
  • .gopclntab section (function name table) or Go build ID strings.
  • Minimal dynamic dependencies (often none) and musl/glibc loader differences.
  • GODEBUG, GOMAXPROCS, GOENV environment variables.
  • Go module artefacts: go.mod, go.sum.

Implementation notes

  • Use ELF parsing to locate .note.go.buildid; fallback to scanning the first few MB for Go build ID.
  • Distinguish from Rust/C by checking .dynsym count, presence of Go-specific section names, and the absence of GLIBCXX.
  • For distroless images, rely solely on ELF traits since no package metadata is present.
  • Record binary path and module files as evidence.

Evidence & scoring

  • Strong boost for .note.go.buildid or .gopclntab.
  • Add evidence for module files or env variables.
  • Penalise binaries with high numbers of shared libraries (likely C/C++).

Edge cases

  • TinyGo or stripped binaries may lack build IDs—fall back to heuristics (symbol patterns, text section).
  • CGO-enabled binaries include glibc dependencies; still treat as Go but mention CGO in evidence if detected.
  • Supervisors wrapping Go services (e.g., envoy) should be handled upstream by wrapper detection.